Exchange or black hole? Exposing the funds devoured by exchanges

Hash (SHA1) of this article: 8979f4358074a19f55ef12041bad2dd34931b8ebb6730b755551c42f8e4476ca

No.: PandaLY Security Knowledge No.054

A friend worked hard to make a profit of 10,000U through trading. He went to withdraw the money, only to find that his account had been frozen by the exchange BYDFi. Shockingly, the exchange gave no reasonable explanation for the freeze, refused to communicate, and simply replied: "The principal can be withdrawn, but there is nothing wrong with freezing the profit part."

To date, the BYDFi exchange has not returned the profits to users.

Blockchain is built on decentralization, but exchanges are the opposite. Once you deposit funds into an exchange, your assets are no longer under your control. Fly-by-night exchanges in particular often freeze funds at will, refuse withdrawals, or even embezzle funds.

Obviously, BYDFi, which we just talked about, is one of these exchanges. Unfortunately, few people use this exchange, so there are not many cases to talk about. Let’s take the most classic failed exchange, “Tiger Token”, as today’s case.

Tiger Exchange - A Fighter Among Wild Chickens

"All warfare is based on deception." - Sun Tzu's Art of War

Fake exchanges do not collapse all at once. They first give you a small taste of profit and then fleece you completely.

Huobi Exchange operated for a long time: it was established in 2017 and collapsed in 2022, a full five years. Most fake exchanges exist for only about six months before they go bankrupt. It lasted that long because there was so much to harvest: the "order-leading teachers" who showed off high returns drove huge traffic to it, so the leeks (retail investors) kept arriving one after another and could not all be harvested at once.

Huo Fu had more ways to harvest users than you can imagine, and can fairly be called a fighter among the fake exchanges. It listed hundreds of pyramid-scheme coins, maliciously spiked prices ("inserting pins"), maliciously rolled back trades, fleeced spot traders, fleeced contract traders, "pulled the network cable", and launched its own projects to fleece people. It did everything that fake exchanges do, and also things that other fake exchanges don't.

In 2021, a user called the police, claiming that Huobi Exchange and a trading teacher had fleeced him of 200,000 RMB. Under the guidance of the trading teacher, the user had traded contracts on Huobi and lost a total of 33,731 USDT. After realizing he had been fleeced, he immediately called the police. When the trading teacher found out, he threatened the user: "If you think you are strong, you can try it," "My lawyer will contact you," and so on.

The deceived user reported the case, and the teacher's personal information was found through the police system. In the end, the teacher was arrested and the funds were returned.

If I don't open a contract and just take the spot, I won't lose all my money, right?

Huobi made money not only through contracts but also through many MLM coins. Zild is one of the MLM coins that Huobi launched. Like imtoken, this project found a bunch of foreigners to endorse it, claiming to be a centralized network protocol developed by 24 Russian doctors. Its "mining" logic is that borrowing money to generate tokens counts as mining, and there is also income from recruiting people. Readers with some experience will recognize this as a Ponzi scheme, just in cryptocurrency form. It even calls itself DeFi, but it has no DeFi characteristics at all.

This kind of coin is promoted constantly on social media with lines such as "our coin is honored to be listed on Hufu", which draws all kinds of retail investors to Hufu. Hufu and ZILD entered a win-win mode, harvesting leeks together, and finally ZILD unexpectedly went to zero and ran away.

So if I don’t touch the contract or take orders, are my assets safe?

At Hufu, the safety of your assets depends on luck. Assets are often stolen from exchanges. The most famous case is the "Tudouer Incident": in a single night, 11.3 BTC and 30 ETH were wiped out. The reason Hufu gave was that someone had logged into the user's account remotely using the verification code and changed the transaction password, and that Tudou had not contacted the exchange immediately to freeze the account, so it was Tudou's problem rather than the exchange's.

According to professional analysis, this case is likely to have been committed by Tiger Trust. After all, with this kind of capability, why would a hacker steal from only one person?

Besides, at Hufu, it is not up to you to decide how much money you make.

On January 31, 2021, the price of the Hoo token suddenly plummeted from 0.032u to 0.0062u. Investors saw this and bought in. One investor bought 115,350 tokens, but these tokens were soon confiscated by the platform. Two hours later, the exchange removed the HOO/USDT trading pair outright and froze the user account that had earned the difference.

In the end, although the USDT spent on the purchase was returned, the transaction fee was still charged. Tiger Token not only recovered its loss but also earned the transaction fee, which makes it worthy of the title of fighter among the wild chickens.

Why did Tiger Talisman, which had grown bigger and stronger and had plenty of money, finally fall?

Due to the collapse of LUNA, on June 19, 2022, Huobi announced that the withdrawal review time would be extended to 24-72 hours, and that it would gradually return to normal levels after 72 hours. However, many people did not believe it, which caused a large number of runs.

Finally, on July 15, Huobi’s boss Wang Ruixi said that Fang Wenbin (net name: Top), the former head of security at Binance, used his position to privately delete the company’s system, causing the company’s owners to be unable to access the system and the main domain name to temporarily fail. He also said that Fang Wenbin pretended to be a law enforcement officer and stole the company’s information and assets without going through legal procedures.

In response, Fang Wenbin said that the company's platform domain name has nothing to do with the office system, so it is impossible that he stole it. Wang Ruixi had already transferred most of the assets from the platform. Now the company's employees have not received their salaries, and platform users cannot withdraw their coins. Many people are currently taking the path of rights protection. He has retained all the chat records of the Hufu office system for evidence collection in accordance with the requirements of the criminal investigation.

Finally, on July 25, 2022, Huobi issued a statement that it would stop all trading services and cancel all business status starting from August 1, 2022. Since Huobi could no longer afford to pay out users' withdrawals directly, it launched the "Debt-to-Coin Conversion Plan", which in practice means that Huobi issued two useless coins and users could only withdraw their assets in the form of these two coins. Whether you can sell them is up to you; the message was, in effect, "I have no money and I'm going to run away."

Fake exchanges have many tricks, and because domestic law in this area is not yet mature, the bosses make a lot of money while the users lose a lot of money and have nowhere to complain.

Why are fake exchanges so attractive?

Through the above cases, we can see that fake exchanges will do anything to cheat you out of your money.

You may wonder why anyone would choose a fake exchange when there are three good exchanges. The answer is that fake exchanges have their own ways of attracting users. They mainly rely on the following methods:

1. Deposit and register to receive airdrop

2. KOL joint promotion

3. High-yield financial management

4. Listing of junk coins

5. High leverage contracts

Each method appears to be full of opportunity but is in fact full of traps, and investors end up as leeks to be harvested without realizing it. For example:

Deposit and register to get airdrop

Many exchanges, both mainstream ones and quack ones, attract users through registration airdrops. Early on, they draw users in by pumping the price, and then dump to make money. Most users cannot withdraw their coins, or their coins go to zero, and they end up serving as a free tool for attracting new users.

KOL joint promotion

Fake exchanges team up with cryptocurrency KOLs to recruit new users, and pay the KOLs commissions for each recruit. The KOLs do not use these exchanges themselves, and simply move on to promoting the next project once they have received their commissions.

High-yield financial management

These exchanges claim to offer financial returns higher than those of mainstream exchanges, using short-term high-yield products for hunger marketing and long-term products to attract more users, but ultimately it is a Ponzi scheme.

Listing of junk coins

They claim to list promising coins earlier than the major exchanges in order to attract registrations. In reality they issue coins at low cost, or simply use false data to pump the price, and then dump sharply to reap the profits once most users have entered the market, or let the price keep falling until users' positions are liquidated.

High leverage contracts

The exchange offers leverage of up to 500 times, and users who dare are drawn in. The backend manipulates the K-line so that large accounts are liquidated, and the exchange brushes users off with the excuse that "a large account opened a reverse position".

It is hard to imagine how far the swindler exchanges will go; they will do anything to empty your wallet. So how can we guard against such exchanges in the cryptocurrency world?

How to prevent it?

Avoiding junk exchanges is actually very simple: use only the three major exchanges (OKX, Binance, HTX). You can also use some second-tier exchanges that are constantly active, such as Gate or Bybit, but note that the top exchanges usually have good service and low withdrawal fees, whereas second-tier or newly established exchanges usually have no service and charge high withdrawal fees.

For other small exchanges, if you insist on using them, please pay attention to the following points:

  • Check social media and community activity

    Check how users interact with the exchange on social platforms (such as X, Telegram, Discord). If a large number of comments and interactions seem mechanical or repetitive, the activity may be artificially inflated. When an exchange has little traffic, the possibility of it running away is extremely high.

  • Check transaction volume and address activity

    Analyze the exchange's on-chain transaction volume and active addresses with on-chain data tools (such as Etherscan). This lets you check whether the officially announced transaction volume and active addresses are true.

  • Test withdrawal process

    After making a small deposit, try to withdraw it and see whether the speed and fee are reasonable. If the withdrawal process is complicated or there is a long delay, then there must be something wrong with the exchange, just as when your boss delays paying your salary for several months.

  • Pay attention to user reviews and safety records

    Search for the exchange's past security incidents, such as whether it has ever run away, frozen user funds, or been attacked by hackers. If it has received a lot of bad reviews and is "stolen from" by hackers every so often, then you can be sure that hackers or viruses are once again being used as the excuse.

Conclusion

As Buffett said, “Risk comes from not knowing what you are doing.”

Beyond risks such as market manipulation and difficulty withdrawing funds, fly-by-night exchanges may also freeze funds without justification, seriously damaging users' interests, as in the case mentioned in Zhang Aoman’s tweet and the Huobi exchange we reviewed. You never know how your funds will be lost.

Therefore, users should be extra cautious when choosing an exchange: avoid small trading platforms that lack transparency and supervision, and try to choose reputable, regulated platforms. Investment is a long-term business, and the risk lies in not fully understanding it. Stable and compliant exchanges provide better protection, especially for fund security and the resolution of transaction disputes.

Thank you for your reading. We will continue to focus on and share blockchain security content.